[Dnsmasq-discuss] Make dnsmasq distinguish local IPs

Petr Menšík pemensik at redhat.com
Mon Jul 20 15:12:47 BST 2020


Hi László,

are you sure it is dnsmasq that is rejecting the communication?
Unbound has by default disabled communication on localhost. If you have
any other servers running along it, you have to use:

do-not-query-localhost: no

to override the defaults. But that has to be done on the unbound side. AFAIK
dnsmasq does not have any such limitation. It limits only
per interface; all that is required is to configure interface=lo, which is
enabled by default.

How many interface= statements do you have in configuration? Is
localhost included?

On 7/20/20 1:45 PM, László Károlyi wrote:
> Hey Simon,
> 
> First of all, thanks again for fixing my DNSSEC issue. So as I said
> before, here's my feature request.
> 
> I have a FreeBSD box that has multiple local IP addresses on the local
> 'lo0' interface, used by jails as their IPv4 interface address. Those
> IPs vary somewhere in the 127.0.0.x range. The jails use those addresses
> as their IPv4 addresses to communicate with the outside world, while
> being NAT-ed on the only available external IPv4 address.
> 
> IPv6-wise, I have a bridge0 interface that handles the many different
> addresses assigned to my box, each assigned to one jail each.
> 
> Unbound runs in a jail and thus I've told dnsmasq to communicate with
> either the IPv4 127.0.0.x address, or the IPv6 address of the jail when
> looking up DNS records.
> 
> When starting dnsmasq on the 'host' environment (it's the only service
> other than syslog I run in the host environment), dnsmasq refuses to
> communicate with the IPv4 address of the jailed unbound, claiming it's a
> 'local' address:
> 
> Jul 20 13:33:23 ksol dnsmasq[99396]: ignoring nameserver 127.0.0.20 - local interface
> 
> Whereas it's indeed a 'local' interface, it could be used for IPv4
> communication because of the mentioned reasons above.
> 
> Because of this, dnsmasq is now only able to communicate through IPv6
> with unbound, but should I lose IPv6 support (unlikely but one never
> knows), I'd lose dnsmasq and the internal name resolution between the
> jails, which now it is able to support.
> 
> So my request would be to fix this functionality and make dnsmasq able
> to differentiate between local IPs, in order to be able to use them for
> DNS resolution.
> 
> Cheers,
> --
> László Károlyi
> http://linkedin.com/in/karolyi

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
